Amazon’s withdrawal of ebooks by George Orwell seems positively Orwellian; ‘owners’ of the ebooks on Kindle woke up last week to discover that they should have read the small print. All they had was a licence for the ebooks and when it turned out that the publisher didn’t have the rights to sell that licence to Amazon to sell on to customers , Amazon revoked the licences and issued automatic refunds. A seamless if disturbing experience that proves that one cheap ebook reader from Elonex does not a mass market make. But if you needed to update a company price list or redact internal guidelines, could you do it with anything approaching the same efficiency?

A rich permissions-based licence system (as opposed to a simple encrypted, here’s one key and don’t lose it DRM system) gives content owners a lot of control. A writer could give away a free chapter with a discount code, give away a 3-month ready copy that you had to pay to keep or have their backlist turn free for a month every year or whatever incentive model they wanted to try out – and they could change it if it didn’t work. Can you even block last month’s price list from being sent out by accident?

The Windows Rights Management service in Windows Server is a start, coupled with Office and SharePoint (one of the reasons Google Docs isn’t as scary to Microsoft as the free Office 2010 Web apps might make you think). Keep pricelists in a SharePoint library set to expire after 30 days and people will have to go to a lot more trouble (extracting and resaving the information) to use out of date prices than to get current ones. Sure people can photograph the screen or read the document out to an accomplice over the phone. At that point you’re dealing with malicious behaviour rather than the simple desire to do your job that is responsible for the majority of information leaks and technology isn’t the right solution. But if you’re doing modern security and reperimeterisation (the perimeter isn’t gone, it’s just around the data itself), you need to think about information in terms of rights and licences, not bits and bytes and firewalls.

-Mary

Tim Berners-Lee may not have been Sergeant Pepper, but his work at CERN has left the world with a vital and powerful communications tool.

CERN has chosen to mark today to commemorate the approval of the initial project that two years later became the public web. It’s been surprising to think just how quickly the Web became the stuff of everyday life, and the place (the cyberspace?) where millions of us work.

I’ve been using the web since a few days after the first public web server went live, with my first access through a university terminal and a little text browser. It was a year or so later that I sneaked into the old SCO offices in Watford on a Sunday afternoon to be shown the the glowing grey pixels of the first release of the Mosaic browser.

It was only a year or so later that Mary and I wrote a round up of all the web browsers then available. It’s hard to imagine in these days of IE, Mozilla, Chrome and Safari that there more than 20 different browsers - a pre-Cambrian explosion of the Web. Shortly after that I moved to Bath, to help found UK Online, one of the first web-based content services - a direct ancestor of the CMS systems that power IT Pro…

Time flies, and the Web has become all pervasive - on our phones, our TVs, even baked into the hardware in our homes. We work using web-based cloud services, and we shop and talk all across the Web.

So, in a flash of historical perspective, here is a picture of the first web server. It’s Tim Berners-Lee’s original NeXT Cube, now in a case in CERN’s small museum. And the sticker? “Do Not Power Down. This Is A Server.”

–Simon

(In Silicon Valley)

We’ve all heard of P2V - taking a physical server and making it virtual. Now it’s time to start thinking about D2C.

Mary and I have just finished an intense couple of days at the DEMO09 event in Palm Springs, where 39 companies had 6 minutes each to unveil a new product. Most were consumer technologies, but there were a few for the IT Pro readership, with one of the most interesting being AppZero’s.

Getting applications to run in the cloud can be an issue. Most cloud services are proprietary, and where there’s scope for you to build and run your own cloud servers, you’re often limited to working through unwieldy and complex web interfaces. Even Amazon’s AWS isn’t that easy to use.

That’s where AppZero’s tools come into play. They can take an existing set of servers and replicate them straight into Amazon’s cloud. First servers are converted into virtual application appliances - whether Windows, Solaris, or Linux. There’s not much overhead - AppZero claims less than 3% - and once wrapped as a single VAA file it’s easy to move them just anywhere - whether it’s around your data centre or up into the cloud. Instead of configuring applications and operating systems, a move is as simple as a file copy.

There’s a control panel to help manage and set up cloud servers for your application appliances - helping you avoid the hard work in setting up EC2 servers. It’s not perfect yet (the DEMO09 version was a beta), and there’s no way of specifying Amazon’s European servers rather than the US network. However, there’s a lot of promise in the service, taking a Datacenter to the Cloud, making D2C reality.

Something to look out for!

–Simon

(in Palm Springs)

The other day I made a stupid mistake.

This one was particularly stupid, as in a momentary fit of neatness, I deleted all the old Small Business Server Group Policy Objects from my main office server.

The AD looked a lot neater now.

However I’d just given myself a whole new world of hurt.

I’d upgraded our network earlier in the year, and had replaced the SBS 2003 box with a Windows Server 2008 machine. In the migration, all the old GPOs had made their way across to the server, and one or two of them weren’t suitable for the current network configuration.  Deleting them shouldn’t mean too much disruption - or so I thought.

I was very very wrong indeed.

Deleting the GPOs also took out the associated Active Directory objects.

That wasn’t good at all.

Bang went all the users, all the mailboxes, and all my domain attached PCs were left unable to log in.

Ooops.

Luckily for me, Windows Server is designed to help deal with that sort of mistake.  Active Directory Tombstone Recovery stores deleted AD objects - the trick, of course is to find a way to undelete them.

Again, luckily for me, the folk at Quest have a free tool to do just that. It’s not their full-featured Active Directory Recovery Manager, which is an excellent AD management tool. Object Restore for Active Directory is a simple tool that scans a server’s tombstoned objects, and gives you a list of what’s been deleted. Windows Server’s Tombstone Reanimation interfaces let you recover stored objects, and the Quest tool simplifies the recovery process, quickly dropping your recovered objects back in the Active Directory.

You can then move them into the appropriate place. My users could now log back into the server. However, that was only part of the story, as I had to recover the mailboxes and reconnect them to the user accounts. Again, the tools built into the server saved the day, as Exchange 2007’s wizards quickly put user and mail back in touch.

I was lucky. It took less than an hour to get everything back in place - thanks to the tools built into my server, and the free applications I found online.

The moral?

Don’t rush at things - and make sure you know exactly what a change means to your server, and to your users.

Server sales went down 3.8% and up 4.9% this summer. That’s up if you’re counting how many servers companies have been buying in EMEA in Q3, by nearly 5% and down by just under 4% if you’re counting how much they cost. It’s the biggest fall in the amount spent on servers since the end of 2005, and la the news is much worse in Western Europe, at least for server vendors. Revenue went down 7.6% compared to last year, although unit sales are only down by 0.6%; that means you can buy almost as many servers as you did last year and pay rather less for them.

Dig into the IDC figures and there are some other interesting trends. Central and Eastern Europe are using more and more IT and it’s not just commodity x86 servers (up by 15/9%); pricier Itanium, mainframe and other non x86 servers went up by 22% and IBM saw almost 50% increase in revenue for z OS here. Windows didn’t lose any revenue this year either, all though all other server operating systems did, including Linux (although only what IDC calls a ‘very minor drop’); in fact Windows gained another 2% of server OS market share across EMEA.

It’s still the year of blades: up by 37.5% in sales compared to last year, and now 12% of all server sales by revenue. IBM lost as much on falling sales of x86 servers as it made on System z mainframes. Sun’s SPARC Enterprise systems sold well but Sun still lost share in the server market. Like IBM, it’s losing out to Dell and HP: HP was the number one server vendor with 2.4% growth, mainly because of ProLiant sales. Dell had a small increase in revenue and a 4% increase in shipments: more than HP but much less than the double-digit growth it had been seeing in previous quarters.

So, yes, servers sales are down overall and manufacturers will be hurting; but so far it seems to be canny buying that’s affecting the market as much as buying fewer servers. And that makes me think that while some companies may be skipping new servers in favour of SaaS and the cloud, more are just tightening their belts. The credit crunch has led to plenty of mergers and acquisitions (some more voluntary than others); that’s a lot of heterogenous IT systems to integrate, which means less time to go building new systems that need new servers - and more servers in a business that might get better economies of scale.

And then there’s virtualization. The server vendors have been supporting virtualization to the point of putting hypervisors in flash on new servers to get you running 20 servers’-worth of VMs on your new box more quickly. I’ve been asking vendors if this isn’t storing up trouble and lost sales for the future. You might never have bought the other 19 servers, but how about just another two or three? Answers have ranged from blank looks to assurances that it wouldn’t be a problem for long enough to let them find a way around it (often followed by ‘people will always need new servers’) to the very honest ‘yes, but we have to do it these days’. VMware revenue was up 32% for Q3 2008 compared to the year before; growth for 2008 might “only” be 42% rather than 45%. Microsoft has only just got into the serious hypervisor market with Hyper-V but it’s free with Server 2008 so you can expect it grow fast; Citrix and Red Hat have been chalking up the numbers for a few years too. Maybe the credit crunch will be the point at which virtualising servers also comes to mean not buying as many new ones

Server sprawl. It’s only human nature. I mean, not everything in my freezer is labeled because how could I possibly mistake frozen sliced pineapple for frozen sliced mango or frozen sliced polenta? And it’s obvious that KINGEX is the Exchange server for the Kingston branch and KINGXEX is the Exchange server from the Kings Cross branch and SERVER 111 is either the 111th server we put in or the server we put in on either the eleventh of January or the first of November

The cloud demands identity. Microsoft has a strong, secure, privacy-friendly identity technology that’s open, easy to federate and will transform the Web and the cloud. So why is Windows Live ignoring CardSpace?

OpenID is a great tool for logging in to a Web site that you want to use but don’t need to trust. You wouldn’t want to use OpenID to get into your banking site because it’s just not secure enough, but it’s great for not having to remember passwords for LiveJournal, Dopplr, Plaxo and the like. You log into one site and tell the others to ask that site who you are. OpenID is getting less vulnerable, but it’s simply not intended to protect really important information.

The information card system is secure; it’s protected by cryptographic keys, it’s got a user interface that makes it very clear when you’re being asked to log in to a site, what the site wants to know about you and it lets you choose from a ‘wallet’ of cards to prove your identity. That gives you security and privacy and ease of use together (which improves security by stopping people using the same password everywhere. Microsoft put it into Vista and Internet Explorer 7 as CardSpace (information cards are the generic system and there are implementations that you can use in Firefox and Safari, on Macs and Linux machines, CardSpace is just the Microsoft implementation).

And since then, I’ve been waiting for Microsoft to deliver the next pieces. A token server that a business can use to issue its own information cards, and to validate them so you can use them for access to internal apps, preferably federated so you can also validate partners. And a public service that issues not just the self-certified cards that anyone can create with their public details but managed cards that have useful information that you want to protect. When you wave your passport or driving licence in an American bar, the bar doesn’t - or shouldn’t take a copy of it; they just need to know you’re old enough to have one.  Put your birthday into a managed card and you can prove that you’re over 16 for a shopping site without handing over details that could help someone hack your bank account if the site loses its customer details on a USB stick, because the site only gets the assertion that you’re old enough, not the actual day, month and year.

Issuing cards was going to be a function of ADFS at one point, because it fits with where enterprises store identity information; for development and resource reasons it went on and off the feature list and now it’s going to be a free component in Windows Server 2008 (and maybe other versions), code-named Project Geneva. Currently in beta at www.microsoft.com/geneva, there will be a feature-complete beta in the first half of 2009 and a final version in the second half. It leverages AD and SAML and x509, it interoperates with a wide range of line of business applications and it makes using secure identities easy in a business.

That just leaves a managed card service for those of us who aren’t in a big business and I’m still waiting. And in the PDC keynote today, Microsoft announced that Windows Live ID would be issuing a new kind of identity - but it’s not information cards.

So why is Windows Live ID proudly announcing that it’s issuing OpenIDs but not CardSpace IDs? Is it because OpenID is accepted by a lot of sites? So are information cards, and if you could get an identity you could trust from Windows Live other sites would be more likely to adopt them - because it’s easy to use Windows Live ID instead of running your own username and password system.

Is it because OpenID is, well, open?
CardSpace is the most open project Microsoft has ever done. The architect, Kim Cameron, has almost single-handedly changed the perception of Microsoft in the identity community, which isn’t bad for a company that was so roundly derided for Passport. The open nature of information cards “just isn’t up for discussion” Cameron said to me (before plunging into a discussion with senior VP Bob Muglia about why you can’t constrain the scope of identity to just in the cloud or just on the server or just on the Web or just on the desktop).

Is it because CardSpace 2 is going to better than CardSpace 1? It will let you transfer information cards from one PC to another, and when you go back to a site you’ve used an information card with before, CardSpace 2 will show you the card you used last - which means that even if a phishing site accepts information cards to try and fool you, you’ll be able to tell (and the phishing site isn’t going to get the details out of your card so scammers can’t steal it). But Microsoft has adopted the first version of plenty of its own technologies even when there has been something new and better just around the corner. And issuing managed cards today, cards that have been verified and are backed by an identity provider, would be a huge step forward.

If it’s because Microsoft wants somebody else to issue managed cards because a supermarket or a post office or a government already has relationships with people and systems for handling information - or because they look like a more natural place to prove your identity because they can prove that you have a loyalty card or a post office box or a passport - then I’d say yes, but you can’t wait for that to happen. Once the first managed identity provider proves its value then banks and services that sell you certificates will join in, but you can’t keep on waiting to go first them to go first.

I wonder if it’s the legacy of Passport. Maybe the Live team wants to be extra sure they don’t rush out with an implementation that could have problems and create another Passport backlash. Or maybe they aren’t comfortable with the way that CardSpace takes the power of identity away from the provider and gives it back to the user; issuing managed information cards would be admitting once and for all that Microsoft is never going to own user identities in the way that Passport envisaged. Everyone I’ve met from the Windows Live team so far is smarter than that, which leaves me confused. Because it’s ludicrous that Microsoft has a far superior identity technology to OpenID that it’s getting ready to offer to businesses and it hasn’t even talked about how to bring it to everyday Web users who need it just as much.
-Mary

It’s time for IT to have its own ERP and CRM, according to HP. That’s what the business technology optimization tools it’s developed are for. Today that’s the product name, but it’s such a good phrase that Tom Hogan, the senior VP and global manager of HP software (and, since he bought EDS, services), is thinking of coming up with some other name so he can keep it as a description. It’s meant to make you think of business process optimization, where you discover the way your company does everything has been wrong all along and it’s going to take an expensive stint of consultancy to fix it.

The way most companies do IT is hand to mouth, piecemeal and manually intensive. Imagine a car assembly plant that hand-wrote scripts to control the robots every time a new part had to be made. If IT departments really were the cobbler’s children they’re often compared to, they’d have been barefoot so long they’d be placed in foster care. Most IT departments can’t add as much value to the business as the technology companies tell us their technology can deliver and that’s not just the gap between hype and reality. In a survey that the Economist Intelligence Unit just carried out for HP, an “overwhelming majority of both CEOs and CIOs” believe that “technology is integral to the success of their company” and 88% of CEOs and 90% of CIOs say they “share similar visions for how technology can deliver business outcomes at their company” - which is close enough that they must be at least on the same page. So what’s the problem? As usual, money.

The 70-80% of the budget most IT departments have been spending on maintenance rather than innovation has only just gone down to 60% according to a new survey in CIO magazine. If you’re doing really, really

A comment from Wyse popped into my inbox the other day, criticising the government for using desktop PCs instead of thin clients which are “inherently more energy efficient” (surprise surprise).

David Angwin, director of marketing for EMEA, claimed that “thin client computers give users exactly the same applications and performance as a PC and run on as little a tenth of the electricity.” Certainly, Wyse is one of the few thin client manufacturers who can claim to support a wide range of applications; I know one financial company who had to replace the first batch of thin clients they tried with Wyse kit almost within the week because the others couldn’t cope with video clips. But is that power figure the whole story?

Earlier in the year I was talking to Barry Goodall at the Royal Borough of Kensington and Chelsea. He’s spent a lot of time and effort greening the council’s IT and although he’s a big fan of server virtualisation, he has a much less positive view of the green credentials of thin clients after he disproved the figures in a Frauenhofer Institute report on green computing. “The report said we could save million of pounds by using thin clients, so we were quite interested in this! We looked at some of the details and things leapt out at us; in particular the power consumption of PCs was markedly higher than ours - we use Dell desktops.”

He was checking his Dells anyway, because Dell was claiming upgrading to model 745s would save as much energy as changing from CRT to LCD screens. “We have an electricity monitoring gadget from Maplin which I highly recommend: don’t trust anything the manufacturers tell you! It’s very easy and you need to measure it yourself.” His measurements showed the model 745s used the same 60 Watts of power as the Dell kit he already had; Dell’s 45 Watt figure assumed energy management features that weren’t turned on by default. “Energy saving features in the BIOS count for nothing unless you enable hibernation in Windows!”

But 60 Watts or 45, it was still a far cry from the 120 Watts that Frauenhofer was assuming for a desktop PC. That’s what you’d expect from a top-end home machine with a high-power graphics card for gaming; business desktops are rather more frugal.

That wasn’t the only place he felt the sums didn’t add up. “Although the report said in the text that they had accounted for PCs being turned on maybe ten hours a day, terminal servers are typically running 24/7. If you tot up the number of hours people work out of the year, even though it feels like you work all the hours God sends, it’s actually about 2,200 and the figures in their tables hadn’t taken that into account. When we plugged in the correct figures they supported the opposite arguments; with the number of clients per server they assumed, it was more expensive in terms of CO2 than a typical fat client environment. Thin client can be more energy efficient but you need to be clever and turn some servers off when demand is low; you have to be monitoring the workload so you can turn some servers off overnight and come the morning, start turning them back on again - though you’re running a little bit of a risk that maybe one or two servers won’t start up and you’ll struggle a little.”

When I talked to Jon Stewart at Cisco about security trends recently, he slipped in a few network arguments (as you’d expect from a network company). “I have a feeling [that] what you’re going to end up seeing is very thin, light application suites that are endpoint based and a very rich experience using massive network build out. It’s already started to happen; definitely BT has gone down this route. You’re basically saying the end point is going to matter less at a computational level. The display and the keyboard and the system that you interact with, is the most valuable. Think about Lufthansa going to wireless on their planes, they’re trying to solve the inability to do work when you’re mobile. Everything about handset mobility, you’re trying to solve work when you’re mobile. But each time it happens, less and less computational necessity exists on the device - you’re just getting the service on the device.”

But do we care less and less about devices? Again, you’d expect Steve Ballmer to favour the PC, but he told his audience at the Partner Conference that actually, all the devices that are getting attention are fat (we just need to make them easy too). “It’s ironic, people talk a lot about whether people want thin clients. And I don’t deny people want reduced cost, and complexity of management. I think we’re all hearing that from our customers. But people don’t want to really give up the richness and capabilities of a rich client. We even see that in phones. What’s going on in phones today? Phones are actually getting richer. That’s what Windows Mobile is, that’s what the iPhone is, that’s what Symbian is, that’s what Android is: all of these things are getting richer, and Windows PCs will be the richest, most capable device that most people ever own.”

Chatting with Peter Biddle, ex of Microsoft and now at UK enterprise social networking startup Trampoline, he suggested that as usual, what matters is both the device and the network. “Think about it; when did you last do any useful work without being online?”
-Mary

With Intel’s 40th birthday on the horizon (and with it the 40th anniversary of the microprocessor), Intel’s Pat Gelsinger took a few minutes yesterday to ruminate on the past, present and future - and to take a few questions.

Beginning with a look back to the i386, and the shift from 16 to 32-bit computing, Gelsinger pointed to a time of technical and industry transition, much like today. It was the point where Compaq moved ahead of IBM, and Windows and Microsoft began to shape the software industry. We’re in the middle of another shift at the moment, what Gelsinger called the “third era of Moore’s Law”.

The first era was the age of invention, with the second concentrating on scale and manufacturing. Gelsinger calls the third era “The right hand turn”, where the industry starts to concentrate on energy efficiency. He went on to describe the industry’s success as resulting from “the power of compatibility”, where compatible software means that each generation of silicon can inherit the work of the entire industry (with just a little recompile along the way). There have been plenty of changes in Microprocessor design, purely by increasing numbers of transistors - the power controller on Intel’s Nehalem processors is bigger than Gelsinger’s first processor. There’s a sheer complexity to these machines, which Gelsinger described as “the most advanced things ever built”.

That’s the past and today, so what about tomorrow? Intel reckons on having 10 years of visibility into the future of silicon. Gelsinger described silicon as “the scaffolding for half the periodic table”. The future will be much the same, even if it’s based on silicon nanowires and spintronics. The first big change will be in just a couple of years, with the shift to 450mm wafers. The investment this requires will be huge, and Intel expects this to trigger a wave of industry consolidations - just to help pay for the new fabs.

Gelsinger also sees Intel’s IA architecture as a key differentiator between it and the rest of the industry. As multicore systems become more and more common, and as IA scales up to teraflop terascale systems and down to milliwatts, software will be compatible between all the different versions of the architecture. There of course will be different languages and libraries (especially for parallel processing systems), but code will be portable.

The result will be what Gelsinger calls an “AE724″ world. Bill Gates’ vision was a computer on every desk and in every home, Intel’s is much more ambitious. It’s a world where everyone has access to the Internet, with computing embedded into the environment and the infrastructure - everywhere you can imagine. It’s certainly a big picture - and one that will mean a shift in the way we develop applications and in how we design networks and data centres.

We blogged about GPU-based computing last week, and Gelsinger was asked about Intel’s response to NVIDIA’s CUDA and AMD’s CTM. Describing CUDA as “an interesting footnote in the history of computing”, Gelsinger talked about GPU computing as a cool idea that required a new programming model. He felt that this would be hard to deal with compared to general purpose computing techniques, and suggested that Intel’s massively multicore Larabee would be the right answer in the long term.

It’s true the microprocessor and the software stack make a huge difference. I probably wouldn’t have dialed in to the conference call if Skype didn’t connect to US 1-800 numbers for free from anywhere in the world. Whether the future’s all Intel is another question. IA is an important architecture but there’s still space for low power alternatives like ARM, or for specialised co-processors from the likes of Toshiba, Azul, AMD and NVIDIA. General purpose silicon is just one way of working - and if you’re prepared to target a specific niche there’s still plenty of scope to make a very healthy profit with specialised silicon.

–Simon